CyberSecurity updates
2024-12-26 12:14:11 Pacfic

Malicious PyPI Package 'aiocpa' Steals Cryptocurrency Information - 28d
Read more: blog.reversinglabs.com

A malicious PyPI package, ‘aiocpa’, was discovered to be injecting infostealer code into cryptocurrency wallets. This highlights the risk of malicious code injection into open-source software repositories and the importance of dependency management. The malicious actors did not use typosquatting techniques, but published a legitimate-looking crypto client to attract users.